1 /* Automatically generated code; do not modify directly. */
9 const unsigned char *ip
;
13 t0_parse7E_unsigned(const unsigned char **p
)
22 x
= (x
<< 7) | (uint32_t)(y
& 0x7F);
30 t0_parse7E_signed(const unsigned char **p
)
35 neg
= ((**p
) >> 6) & 1;
41 x
= (x
<< 7) | (uint32_t)(y
& 0x7F);
44 return -(int32_t)~x
- 1;
52 #define T0_VBYTE(x, n) (unsigned char)((((uint32_t)(x) >> (n)) & 0x7F) | 0x80)
53 #define T0_FBYTE(x, n) (unsigned char)(((uint32_t)(x) >> (n)) & 0x7F)
54 #define T0_SBYTE(x) (unsigned char)((((uint32_t)(x) >> 28) + 0xF8) ^ 0xF8)
55 #define T0_INT1(x) T0_FBYTE(x, 0)
56 #define T0_INT2(x) T0_VBYTE(x, 7), T0_FBYTE(x, 0)
57 #define T0_INT3(x) T0_VBYTE(x, 14), T0_VBYTE(x, 7), T0_FBYTE(x, 0)
58 #define T0_INT4(x) T0_VBYTE(x, 21), T0_VBYTE(x, 14), T0_VBYTE(x, 7), T0_FBYTE(x, 0)
59 #define T0_INT5(x) T0_SBYTE(x), T0_VBYTE(x, 21), T0_VBYTE(x, 14), T0_VBYTE(x, 7), T0_FBYTE(x, 0)
61 /* static const unsigned char t0_datablock[]; */
64 void br_ssl_hs_server_init_main(void *t0ctx
);
66 void br_ssl_hs_server_run(void *t0ctx
);
76 * This macro evaluates to a pointer to the current engine context.
78 #define ENG ((br_ssl_engine_context *)(void *)((unsigned char *)t0ctx - offsetof(br_ssl_engine_context, cpu)))
85 * This macro evaluates to a pointer to the server context, under that
86 * specific name. It must be noted that since the engine context is the
87 * first field of the br_ssl_server_context structure ('eng'), then
88 * pointers values of both types are interchangeable, modulo an
89 * appropriate cast. This also means that "addresses" computed as offsets
90 * within the structure work for both kinds of context.
92 #define CTX ((br_ssl_server_context *)ENG)
95 * Decrypt the pre-master secret (RSA key exchange).
98 do_rsa_decrypt(br_ssl_server_context
*ctx
, int prf_id
,
99 unsigned char *epms
, size_t len
)
102 unsigned char rpms
[48];
107 x
= (*ctx
->policy_vtable
)->do_keyx(ctx
->policy_vtable
, epms
, &len
);
110 * Set the first two bytes to the maximum supported client
111 * protocol version. These bytes are used for version rollback
112 * detection; forceing the two bytes will make the master secret
113 * wrong if the bytes are not correct. This process is
114 * recommended by RFC 5246 (section 7.4.7.1).
116 br_enc16be(epms
, ctx
->client_max_version
);
119 * Make a random PMS and copy it above the decrypted value if the
120 * decryption failed. Note that we use a constant-time conditional
123 br_hmac_drbg_generate(&ctx
->eng
.rng
, rpms
, sizeof rpms
);
124 br_ccopy(x
^ 1, epms
, rpms
, sizeof rpms
);
127 * Compute master secret.
129 br_ssl_engine_compute_master(&ctx
->eng
, prf_id
, epms
, 48);
132 * Clear the pre-master secret from RAM: it is normally a buffer
133 * in the context, hence potentially long-lived.
135 memset(epms
, 0, len
);
139 * Common part for ECDH and ECDHE.
142 ecdh_common(br_ssl_server_context
*ctx
, int prf_id
,
143 unsigned char *xcoor
, size_t xcoor_len
, uint32_t ctl
)
145 unsigned char rpms
[80];
147 if (xcoor_len
> sizeof rpms
) {
148 xcoor_len
= sizeof rpms
;
153 * Make a random PMS and copy it above the decrypted value if the
154 * decryption failed. Note that we use a constant-time conditional
157 br_hmac_drbg_generate(&ctx
->eng
.rng
, rpms
, xcoor_len
);
158 br_ccopy(ctl
^ 1, xcoor
, rpms
, xcoor_len
);
161 * Compute master secret.
163 br_ssl_engine_compute_master(&ctx
->eng
, prf_id
, xcoor
, xcoor_len
);
166 * Clear the pre-master secret from RAM: it is normally a buffer
167 * in the context, hence potentially long-lived.
169 memset(xcoor
, 0, xcoor_len
);
173 * Do the ECDH key exchange (not ECDHE).
176 do_ecdh(br_ssl_server_context
*ctx
, int prf_id
,
177 unsigned char *cpoint
, size_t cpoint_len
)
182 * Finalise the key exchange.
184 x
= (*ctx
->policy_vtable
)->do_keyx(ctx
->policy_vtable
,
185 cpoint
, &cpoint_len
);
186 ecdh_common(ctx
, prf_id
, cpoint
, cpoint_len
, x
);
190 * Do the full static ECDH key exchange. When this function is called,
191 * it has already been verified that the cipher suite uses ECDH (not ECDHE),
192 * and the client's public key (from its certificate) has type EC and is
193 * apt for key exchange.
196 do_static_ecdh(br_ssl_server_context
*ctx
, int prf_id
)
198 unsigned char cpoint
[133];
200 const br_x509_class
**xc
;
201 const br_x509_pkey
*pk
;
203 xc
= ctx
->eng
.x509ctx
;
204 pk
= (*xc
)->get_pkey(xc
, NULL
);
205 cpoint_len
= pk
->key
.ec
.qlen
;
206 if (cpoint_len
> sizeof cpoint
) {
208 * If the point is larger than our buffer then we need to
209 * restrict it. Length 2 is not a valid point length, so
210 * the ECDH will fail.
214 memcpy(cpoint
, pk
->key
.ec
.q
, cpoint_len
);
215 do_ecdh(ctx
, prf_id
, cpoint
, cpoint_len
);
219 hash_data(br_ssl_server_context
*ctx
,
220 void *dst
, int hash_id
, const void *src
, size_t len
)
222 const br_hash_class
*hf
;
223 br_hash_compat_context hc
;
226 unsigned char tmp
[36];
228 hf
= br_multihash_getimpl(&ctx
->eng
.mhash
, br_md5_ID
);
232 hf
->init(&hc
.vtable
);
233 hf
->update(&hc
.vtable
, src
, len
);
234 hf
->out(&hc
.vtable
, tmp
);
235 hf
= br_multihash_getimpl(&ctx
->eng
.mhash
, br_sha1_ID
);
239 hf
->init(&hc
.vtable
);
240 hf
->update(&hc
.vtable
, src
, len
);
241 hf
->out(&hc
.vtable
, tmp
+ 16);
242 memcpy(dst
, tmp
, 36);
245 hf
= br_multihash_getimpl(&ctx
->eng
.mhash
, hash_id
);
249 hf
->init(&hc
.vtable
);
250 hf
->update(&hc
.vtable
, src
, len
);
251 hf
->out(&hc
.vtable
, dst
);
252 return (hf
->desc
>> BR_HASHDESC_OUT_OFF
) & BR_HASHDESC_OUT_MASK
;
257 * Do the ECDHE key exchange (part 1: generation of transient key, and
258 * computing of the point to send to the client). Returned value is the
259 * signature length (in bytes), or -x on error (with x being an error
260 * code). The encoded point is written in the ecdhe_point[] context buffer
261 * (length in ecdhe_point_len).
264 do_ecdhe_part1(br_ssl_server_context
*ctx
, int curve
)
268 const unsigned char *order
;
270 size_t hv_len
, sig_len
;
272 if (!((ctx
->eng
.iec
->supported_curves
>> curve
) & 1)) {
273 return -BR_ERR_INVALID_ALGORITHM
;
275 ctx
->eng
.ecdhe_curve
= curve
;
278 * Generate our private key. We need a non-zero random value
279 * which is lower than the curve order, in a "large enough"
280 * range. We force the top bit to 0 and bottom bit to 1, which
281 * does the trick. Note that contrary to what happens in ECDSA,
282 * this is not a problem if we do not cover the full range of
285 order
= ctx
->eng
.iec
->order(curve
, &olen
);
287 while (mask
>= order
[0]) {
290 br_hmac_drbg_generate(&ctx
->eng
.rng
, ctx
->ecdhe_key
, olen
);
291 ctx
->ecdhe_key
[0] &= mask
;
292 ctx
->ecdhe_key
[olen
- 1] |= 0x01;
293 ctx
->ecdhe_key_len
= olen
;
296 * Compute our ECDH point.
298 glen
= ctx
->eng
.iec
->mulgen(ctx
->eng
.ecdhe_point
,
299 ctx
->ecdhe_key
, olen
, curve
);
300 ctx
->eng
.ecdhe_point_len
= glen
;
303 * Assemble the message to be signed, and possibly hash it.
305 memcpy(ctx
->eng
.pad
, ctx
->eng
.client_random
, 32);
306 memcpy(ctx
->eng
.pad
+ 32, ctx
->eng
.server_random
, 32);
307 ctx
->eng
.pad
[64 + 0] = 0x03;
308 ctx
->eng
.pad
[64 + 1] = 0x00;
309 ctx
->eng
.pad
[64 + 2] = curve
;
310 ctx
->eng
.pad
[64 + 3] = ctx
->eng
.ecdhe_point_len
;
311 memcpy(ctx
->eng
.pad
+ 64 + 4,
312 ctx
->eng
.ecdhe_point
, ctx
->eng
.ecdhe_point_len
);
313 hv_len
= 64 + 4 + ctx
->eng
.ecdhe_point_len
;
314 algo_id
= ctx
->sign_hash_id
;
315 if (algo_id
>= (unsigned)0xFF00) {
316 hv_len
= hash_data(ctx
, ctx
->eng
.pad
, algo_id
& 0xFF,
317 ctx
->eng
.pad
, hv_len
);
319 return -BR_ERR_INVALID_ALGORITHM
;
323 sig_len
= (*ctx
->policy_vtable
)->do_sign(ctx
->policy_vtable
,
324 algo_id
, ctx
->eng
.pad
, hv_len
, sizeof ctx
->eng
.pad
);
325 return sig_len
? (int)sig_len
: -BR_ERR_INVALID_ALGORITHM
;
329 * Do the ECDHE key exchange (part 2: computation of the shared secret
330 * from the point sent by the client).
333 do_ecdhe_part2(br_ssl_server_context
*ctx
, int prf_id
,
334 unsigned char *cpoint
, size_t cpoint_len
)
340 curve
= ctx
->eng
.ecdhe_curve
;
343 * Finalise the key exchange.
345 ctl
= ctx
->eng
.iec
->mul(cpoint
, cpoint_len
,
346 ctx
->ecdhe_key
, ctx
->ecdhe_key_len
, curve
);
347 xoff
= ctx
->eng
.iec
->xoff(curve
, &xlen
);
348 ecdh_common(ctx
, prf_id
, cpoint
+ xoff
, xlen
, ctl
);
351 * Clear the ECDHE private key. Forward Secrecy is achieved insofar
352 * as that key does not get stolen, so we'd better destroy it
353 * as soon as it ceases to be useful.
355 memset(ctx
->ecdhe_key
, 0, ctx
->ecdhe_key_len
);
359 * Offset for hash value within the pad (when obtaining all hash values,
360 * in preparation for verification of the CertificateVerify message).
361 * Order is MD5, SHA-1, SHA-224, SHA-256, SHA-384, SHA-512; last value
362 * is used to get the total length.
364 static const unsigned char HASH_PAD_OFF
[] = { 0, 16, 36, 64, 96, 144, 208 };
367 * OID for hash functions in RSA signatures.
369 static const unsigned char HASH_OID_SHA1
[] = {
370 0x05, 0x2B, 0x0E, 0x03, 0x02, 0x1A
373 static const unsigned char HASH_OID_SHA224
[] = {
374 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x04
377 static const unsigned char HASH_OID_SHA256
[] = {
378 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01
381 static const unsigned char HASH_OID_SHA384
[] = {
382 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x02
385 static const unsigned char HASH_OID_SHA512
[] = {
386 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x03
389 static const unsigned char *HASH_OID
[] = {
398 * Verify the signature in CertificateVerify. Returned value is 0 on
399 * success, or a non-zero error code. Lack of implementation of the
400 * designated signature algorithm is reported as a "bad signature"
401 * error (because it means that the peer did not honour our advertised
402 * set of supported signature algorithms).
405 verify_CV_sig(br_ssl_server_context
*ctx
, size_t sig_len
)
407 const br_x509_class
**xc
;
408 const br_x509_pkey
*pk
;
411 id
= ctx
->hash_CV_id
;
412 xc
= ctx
->eng
.x509ctx
;
413 pk
= (*xc
)->get_pkey(xc
, NULL
);
414 if (pk
->key_type
== BR_KEYTYPE_RSA
) {
415 unsigned char tmp
[64];
416 const unsigned char *hash_oid
;
421 hash_oid
= HASH_OID
[id
- 2];
423 if (ctx
->eng
.irsavrfy
== 0) {
424 return BR_ERR_BAD_SIGNATURE
;
426 if (!ctx
->eng
.irsavrfy(ctx
->eng
.pad
, sig_len
,
427 hash_oid
, ctx
->hash_CV_len
, &pk
->key
.rsa
, tmp
)
428 || memcmp(tmp
, ctx
->hash_CV
, ctx
->hash_CV_len
) != 0)
430 return BR_ERR_BAD_SIGNATURE
;
433 if (ctx
->eng
.iecdsa
== 0) {
434 return BR_ERR_BAD_SIGNATURE
;
436 if (!ctx
->eng
.iecdsa(ctx
->eng
.iec
,
437 ctx
->hash_CV
, ctx
->hash_CV_len
,
438 &pk
->key
.ec
, ctx
->eng
.pad
, sig_len
))
440 return BR_ERR_BAD_SIGNATURE
;
448 static const unsigned char t0_datablock
[] = {
449 0x00, 0x00, 0x0A, 0x00, 0x24, 0x00, 0x2F, 0x01, 0x24, 0x00, 0x35, 0x02,
450 0x24, 0x00, 0x3C, 0x01, 0x44, 0x00, 0x3D, 0x02, 0x44, 0x00, 0x9C, 0x03,
451 0x04, 0x00, 0x9D, 0x04, 0x05, 0xC0, 0x03, 0x40, 0x24, 0xC0, 0x04, 0x41,
452 0x24, 0xC0, 0x05, 0x42, 0x24, 0xC0, 0x08, 0x20, 0x24, 0xC0, 0x09, 0x21,
453 0x24, 0xC0, 0x0A, 0x22, 0x24, 0xC0, 0x0D, 0x30, 0x24, 0xC0, 0x0E, 0x31,
454 0x24, 0xC0, 0x0F, 0x32, 0x24, 0xC0, 0x12, 0x10, 0x24, 0xC0, 0x13, 0x11,
455 0x24, 0xC0, 0x14, 0x12, 0x24, 0xC0, 0x23, 0x21, 0x44, 0xC0, 0x24, 0x22,
456 0x55, 0xC0, 0x25, 0x41, 0x44, 0xC0, 0x26, 0x42, 0x55, 0xC0, 0x27, 0x11,
457 0x44, 0xC0, 0x28, 0x12, 0x55, 0xC0, 0x29, 0x31, 0x44, 0xC0, 0x2A, 0x32,
458 0x55, 0xC0, 0x2B, 0x23, 0x04, 0xC0, 0x2C, 0x24, 0x05, 0xC0, 0x2D, 0x43,
459 0x04, 0xC0, 0x2E, 0x44, 0x05, 0xC0, 0x2F, 0x13, 0x04, 0xC0, 0x30, 0x14,
460 0x05, 0xC0, 0x31, 0x33, 0x04, 0xC0, 0x32, 0x34, 0x05, 0xCC, 0xA8, 0x15,
461 0x04, 0xCC, 0xA9, 0x25, 0x04, 0x00, 0x00
464 static const unsigned char t0_codeblock
[] = {
465 0x00, 0x01, 0x00, 0x0B, 0x00, 0x00, 0x01, 0x00, 0x0E, 0x00, 0x00, 0x01,
466 0x00, 0x0F, 0x00, 0x00, 0x01, 0x00, 0x10, 0x00, 0x00, 0x01, 0x01, 0x08,
467 0x00, 0x00, 0x01, 0x01, 0x09, 0x00, 0x00, 0x01, 0x02, 0x08, 0x00, 0x00,
468 0x01, 0x02, 0x09, 0x00, 0x00, 0x29, 0x29, 0x00, 0x00, 0x01,
469 T0_INT1(BR_ERR_BAD_CCS
), 0x00, 0x00, 0x01,
470 T0_INT1(BR_ERR_BAD_FINISHED
), 0x00, 0x00, 0x01,
471 T0_INT1(BR_ERR_BAD_FRAGLEN
), 0x00, 0x00, 0x01,
472 T0_INT1(BR_ERR_BAD_HANDSHAKE
), 0x00, 0x00, 0x01,
473 T0_INT1(BR_ERR_BAD_PARAM
), 0x00, 0x00, 0x01,
474 T0_INT1(BR_ERR_BAD_SECRENEG
), 0x00, 0x00, 0x01,
475 T0_INT1(BR_ERR_BAD_SIGNATURE
), 0x00, 0x00, 0x01,
476 T0_INT1(BR_ERR_BAD_VERSION
), 0x00, 0x00, 0x01,
477 T0_INT1(BR_ERR_INVALID_ALGORITHM
), 0x00, 0x00, 0x01,
478 T0_INT1(BR_ERR_LIMIT_EXCEEDED
), 0x00, 0x00, 0x01,
479 T0_INT1(BR_ERR_NO_CLIENT_AUTH
), 0x00, 0x00, 0x01, T0_INT1(BR_ERR_OK
),
480 0x00, 0x00, 0x01, T0_INT1(BR_ERR_OVERSIZED_ID
), 0x00, 0x00, 0x01,
481 T0_INT1(BR_ERR_UNEXPECTED
), 0x00, 0x00, 0x01,
482 T0_INT1(BR_ERR_WRONG_KEY_USAGE
), 0x00, 0x00, 0x01,
483 T0_INT2(offsetof(br_ssl_engine_context
, action
)), 0x00, 0x00, 0x01,
484 T0_INT2(offsetof(br_ssl_engine_context
, alert
)), 0x00, 0x00, 0x01,
485 T0_INT2(offsetof(br_ssl_engine_context
, application_data
)), 0x00, 0x00,
487 T0_INT2(offsetof(br_ssl_engine_context
, session
) + offsetof(br_ssl_session_parameters
, cipher_suite
)),
489 T0_INT2(offsetof(br_ssl_server_context
, client_max_version
)), 0x00,
490 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context
, client_random
)),
492 T0_INT2(offsetof(br_ssl_server_context
, client_suites
)), 0x00, 0x00,
493 0x01, T0_INT2(offsetof(br_ssl_server_context
, client_suites_num
)),
495 T0_INT2(offsetof(br_ssl_engine_context
, close_received
)), 0x00, 0x00,
496 0x01, T0_INT2(offsetof(br_ssl_server_context
, curves
)), 0x00, 0x00,
497 0x01, T0_INT2(offsetof(br_ssl_engine_context
, ecdhe_point
)), 0x00,
498 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context
, ecdhe_point_len
)),
499 0x00, 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context
, flags
)),
500 0x00, 0x00, 0x01, T0_INT2(offsetof(br_ssl_server_context
, hashes
)),
501 0x00, 0x00, 0x79, 0x01,
502 T0_INT2(BR_MAX_CIPHER_SUITES
* sizeof(br_suite_translated
)), 0x00,
503 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context
, log_max_frag_len
)),
504 0x00, 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context
, pad
)), 0x00,
506 T0_INT2(offsetof(br_ssl_engine_context
, peer_log_max_frag_len
)), 0x00,
508 T0_INT2(offsetof(br_ssl_engine_context
, protocol_names_num
)), 0x00,
509 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context
, record_type_in
)),
511 T0_INT2(offsetof(br_ssl_engine_context
, record_type_out
)), 0x00, 0x00,
512 0x01, T0_INT2(offsetof(br_ssl_engine_context
, reneg
)), 0x00, 0x00,
513 0x01, T0_INT2(offsetof(br_ssl_engine_context
, saved_finished
)), 0x00,
515 T0_INT2(offsetof(br_ssl_engine_context
, selected_protocol
)), 0x00,
516 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context
, server_name
)),
518 T0_INT2(offsetof(br_ssl_engine_context
, server_random
)), 0x00, 0x00,
520 T0_INT2(offsetof(br_ssl_engine_context
, session
) + offsetof(br_ssl_session_parameters
, session_id
)),
522 T0_INT2(offsetof(br_ssl_engine_context
, session
) + offsetof(br_ssl_session_parameters
, session_id_len
)),
524 T0_INT2(offsetof(br_ssl_engine_context
, shutdown_recv
)), 0x00, 0x00,
525 0x01, T0_INT2(offsetof(br_ssl_server_context
, sign_hash_id
)), 0x00,
526 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context
, suites_buf
)), 0x00,
527 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context
, suites_num
)), 0x00,
529 T0_INT2(offsetof(br_ssl_engine_context
, session
) + offsetof(br_ssl_session_parameters
, version
)),
530 0x00, 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context
, version_in
)),
532 T0_INT2(offsetof(br_ssl_engine_context
, version_max
)), 0x00, 0x00,
533 0x01, T0_INT2(offsetof(br_ssl_engine_context
, version_min
)), 0x00,
534 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context
, version_out
)),
535 0x00, 0x00, 0x09, 0x2A, 0x5B, 0x06, 0x02, 0x68, 0x2B, 0x00, 0x00, 0x01,
536 0x01, 0x00, 0x01, 0x03, 0x00, 0x99, 0x2A, 0x61, 0x47, 0x9D, 0x2A, 0x05,
537 0x04, 0x63, 0x01, 0x00, 0x00, 0x02, 0x00, 0x0F, 0x06, 0x02, 0x9D, 0x00,
538 0x61, 0x04, 0x6B, 0x00, 0x06, 0x02, 0x68, 0x2B, 0x00, 0x00, 0x2A, 0x89,
539 0x47, 0x05, 0x03, 0x01, 0x0C, 0x08, 0x47, 0x76, 0x2E, 0xA6, 0x1C, 0x83,
540 0x01, 0x0C, 0x33, 0x00, 0x00, 0x2A, 0x22, 0x01, 0x08, 0x0C, 0x47, 0x5F,
541 0x22, 0x08, 0x00, 0x01, 0x03, 0x00, 0x75, 0x30, 0x02, 0x00, 0x38, 0x13,
542 0x01, 0x01, 0x0C, 0x75, 0x42, 0x2C, 0x19, 0x38, 0x06, 0x07, 0x02, 0x00,
543 0xCE, 0x03, 0x00, 0x04, 0x75, 0x01, 0x00, 0xC5, 0x02, 0x00, 0x2A, 0x19,
544 0x13, 0x06, 0x02, 0x6F, 0x2B, 0xCE, 0x04, 0x76, 0x00, 0x01, 0x00, 0x75,
545 0x42, 0x01, 0x16, 0x87, 0x42, 0x01, 0x00, 0x8A, 0x40, 0x36, 0xAF, 0x35,
546 0x06, 0x02, 0x71, 0x2B, 0x06, 0x0A, 0xD5, 0x01, 0x00, 0xD1, 0x01, 0x00,
547 0xAB, 0x04, 0x80, 0x46, 0xD5, 0xD2, 0x29, 0xD7, 0x4E, 0x06, 0x01, 0xD3,
548 0xD6, 0x2C, 0x4E, 0x06, 0x31, 0x01, 0x00, 0xAC, 0x2A, 0x5B, 0x06, 0x0F,
549 0x01, 0x02, 0xA2, 0x05, 0x02, 0x37, 0x2B, 0x29, 0xB0, 0xAE, 0x2A, 0xC7,
550 0x29, 0x04, 0x19, 0x2A, 0x5D, 0x06, 0x0B, 0x29, 0x01, 0x02, 0xA2, 0x05,
551 0x02, 0x6E, 0x2B, 0xB0, 0x04, 0x0A, 0xB2, 0x2A, 0x05, 0x04, 0x29, 0xA9,
552 0x04, 0x02, 0xB1, 0xAD, 0x04, 0x01, 0xB0, 0x01, 0x00, 0xAB, 0x01, 0x00,
553 0xD1, 0x3E, 0x01, 0x01, 0x75, 0x42, 0x01, 0x17, 0x87, 0x42, 0x00, 0x00,
554 0x3A, 0x3A, 0x00, 0x01, 0x03, 0x00, 0x2C, 0x19, 0x38, 0x06, 0x04, 0xCD,
555 0x29, 0x04, 0x78, 0x01, 0x02, 0x02, 0x00, 0xC4, 0x19, 0x38, 0x06, 0x04,
556 0xCD, 0x29, 0x04, 0x78, 0x02, 0x00, 0x01, 0x84, 0x00, 0x08, 0x2B, 0x00,
557 0x00, 0x7F, 0x2F, 0x47, 0x12, 0x01, 0x01, 0x13, 0x37, 0x00, 0x00, 0x2A,
558 0x05, 0x04, 0x29, 0x01, 0x7F, 0x00, 0x01, 0x00, 0xA0, 0x12, 0x01, 0x01,
559 0x13, 0x5D, 0x06, 0x03, 0x5F, 0x04, 0x75, 0x47, 0x29, 0x00, 0x00, 0x01,
560 0x7F, 0x9F, 0xCD, 0x2A, 0x01, 0x07, 0x13, 0x01, 0x00, 0x3A, 0x0F, 0x06,
561 0x0D, 0x29, 0x01, 0x10, 0x13, 0x06, 0x05, 0x01, 0x00, 0x75, 0x42, 0xC3,
562 0x04, 0x33, 0x01, 0x01, 0x3A, 0x0F, 0x06, 0x2A, 0x29, 0x29, 0x88, 0x30,
563 0x01, 0x01, 0x0F, 0x01, 0x01, 0xA2, 0x39, 0x06, 0x18, 0xC6, 0x2C, 0x19,
564 0x38, 0x06, 0x04, 0xCD, 0x29, 0x04, 0x78, 0x01, 0x80, 0x64, 0xC5, 0x01,
565 0x01, 0x75, 0x42, 0x01, 0x17, 0x87, 0x42, 0x04, 0x03, 0x01, 0x00, 0x9F,
566 0x04, 0x03, 0x71, 0x2B, 0x29, 0x04, 0xFF, 0x32, 0x01, 0x2A, 0x03, 0x00,
567 0x09, 0x2A, 0x5B, 0x06, 0x02, 0x68, 0x2B, 0x02, 0x00, 0x00, 0x00, 0x9A,
568 0x01, 0x0F, 0x13, 0x00, 0x00, 0x74, 0x30, 0x01, 0x00, 0x3A, 0x0F, 0x06,
569 0x10, 0x29, 0x2A, 0x01, 0x01, 0x0E, 0x06, 0x03, 0x29, 0x01, 0x02, 0x74,
570 0x42, 0x01, 0x00, 0x04, 0x21, 0x01, 0x01, 0x3A, 0x0F, 0x06, 0x14, 0x29,
571 0x01, 0x00, 0x74, 0x42, 0x2A, 0x01, 0x80, 0x64, 0x0F, 0x06, 0x05, 0x01,
572 0x82, 0x00, 0x08, 0x2B, 0x5D, 0x04, 0x07, 0x29, 0x01, 0x82, 0x00, 0x08,
573 0x2B, 0x29, 0x00, 0x00, 0x01, 0x00, 0x31, 0x06, 0x05, 0x3D, 0xA7, 0x39,
574 0x04, 0x78, 0x2A, 0x06, 0x04, 0x01, 0x01, 0x8F, 0x42, 0x00, 0x00, 0x01,
575 0x1F, 0x13, 0x01, 0x12, 0x0F, 0x05, 0x02, 0x72, 0x2B, 0x76, 0x2E, 0x2A,
576 0xC9, 0x05, 0x02, 0x71, 0x2B, 0xA6, 0x28, 0x00, 0x02, 0x85, 0x2E, 0x05,
577 0x02, 0xBA, 0x00, 0xBE, 0xA5, 0xBE, 0xA5, 0x01, 0x7E, 0x03, 0x00, 0x2A,
578 0x06, 0x17, 0xC0, 0x2A, 0x03, 0x01, 0x83, 0x47, 0xB4, 0x02, 0x01, 0x4F,
579 0x2A, 0x02, 0x00, 0x51, 0x06, 0x04, 0x03, 0x00, 0x04, 0x01, 0x29, 0x04,
580 0x66, 0x9B, 0x9B, 0x02, 0x00, 0x5F, 0x8A, 0x40, 0x00, 0x00, 0x31, 0x06,
581 0x0B, 0x86, 0x30, 0x01, 0x14, 0x0E, 0x06, 0x02, 0x71, 0x2B, 0x04, 0x11,
582 0xCD, 0x01, 0x07, 0x13, 0x2A, 0x01, 0x02, 0x0E, 0x06, 0x06, 0x06, 0x02,
583 0x71, 0x2B, 0x04, 0x70, 0x29, 0xC1, 0x01, 0x01, 0x0E, 0x35, 0x39, 0x06,
584 0x02, 0x64, 0x2B, 0x2A, 0x01, 0x01, 0xC8, 0x38, 0xB3, 0x00, 0x01, 0xB8,
585 0x01, 0x0B, 0x0F, 0x05, 0x02, 0x71, 0x2B, 0x2A, 0x01, 0x03, 0x0F, 0x06,
586 0x08, 0xBF, 0x06, 0x02, 0x68, 0x2B, 0x47, 0x29, 0x00, 0x47, 0x5A, 0xBF,
587 0xA5, 0x2A, 0x06, 0x23, 0xBF, 0xA5, 0x2A, 0x59, 0x2A, 0x06, 0x18, 0x2A,
588 0x01, 0x82, 0x00, 0x10, 0x06, 0x05, 0x01, 0x82, 0x00, 0x04, 0x01, 0x2A,
589 0x03, 0x00, 0x83, 0x02, 0x00, 0xB4, 0x02, 0x00, 0x56, 0x04, 0x65, 0x9B,
590 0x57, 0x04, 0x5A, 0x9B, 0x9B, 0x58, 0x2A, 0x06, 0x02, 0x37, 0x00, 0x29,
591 0x2D, 0x00, 0x02, 0x2A, 0x01, 0x20, 0x13, 0x05, 0x02, 0x72, 0x2B, 0x01,
592 0x0F, 0x13, 0x03, 0x00, 0xAE, 0x93, 0x2E, 0x01, 0x86, 0x03, 0x11, 0x06,
593 0x23, 0xBE, 0x2A, 0x01, 0x81, 0x7F, 0x13, 0x5F, 0x01, 0x01, 0x12, 0x02,
594 0x00, 0x0F, 0x05, 0x02, 0x6A, 0x2B, 0x01, 0x08, 0x12, 0x2A, 0x01, 0x02,
595 0x0B, 0x3A, 0x01, 0x06, 0x10, 0x39, 0x06, 0x02, 0x6C, 0x2B, 0x04, 0x0D,
596 0x02, 0x00, 0x01, 0x01, 0x0F, 0x06, 0x04, 0x01, 0x00, 0x04, 0x02, 0x01,
597 0x02, 0x20, 0x05, 0x02, 0x6C, 0x2B, 0xBE, 0x2A, 0x03, 0x01, 0x2A, 0x01,
598 0x84, 0x00, 0x10, 0x06, 0x02, 0x6D, 0x2B, 0x83, 0x47, 0xB4, 0x02, 0x01,
599 0x53, 0x2A, 0x06, 0x01, 0x2B, 0x29, 0x9B, 0x00, 0x00, 0x1D, 0xB8, 0x01,
600 0x0F, 0x0F, 0x05, 0x02, 0x71, 0x2B, 0x00, 0x0A, 0xB8, 0x01, 0x01, 0x0F,
601 0x05, 0x02, 0x71, 0x2B, 0xBE, 0x2A, 0x03, 0x00, 0x77, 0x40, 0x78, 0x01,
602 0x20, 0xB4, 0xC0, 0x2A, 0x01, 0x20, 0x10, 0x06, 0x02, 0x70, 0x2B, 0x2A,
603 0x8E, 0x42, 0x8D, 0x47, 0xB4, 0x1A, 0x03, 0x01, 0xBE, 0xA5, 0x01, 0x00,
604 0x03, 0x02, 0x01, 0x00, 0x03, 0x03, 0x81, 0xA0, 0x17, 0x3A, 0x08, 0x03,
605 0x04, 0x03, 0x05, 0x2A, 0x06, 0x80, 0x6D, 0xBE, 0x2A, 0x03, 0x06, 0x02,
606 0x01, 0x06, 0x0A, 0x2A, 0x76, 0x2E, 0x0F, 0x06, 0x04, 0x01, 0x7F, 0x03,
607 0x03, 0x2A, 0x01, 0x81, 0x7F, 0x0F, 0x06, 0x0A, 0x88, 0x30, 0x06, 0x02,
608 0x69, 0x2B, 0x01, 0x7F, 0x03, 0x02, 0x2A, 0x01, 0x81, 0xAC, 0x00, 0x0F,
609 0x06, 0x11, 0x02, 0x00, 0x96, 0x2E, 0x11, 0x02, 0x00, 0x95, 0x2E, 0x0B,
610 0x13, 0x06, 0x04, 0x01, 0x7F, 0x03, 0x00, 0xC2, 0x2A, 0x5B, 0x06, 0x03,
611 0x29, 0x04, 0x26, 0x01, 0x00, 0xA2, 0x06, 0x0B, 0x01, 0x02, 0x0C, 0x79,
612 0x08, 0x02, 0x06, 0x47, 0x40, 0x04, 0x16, 0x29, 0x02, 0x05, 0x02, 0x04,
613 0x11, 0x06, 0x02, 0x67, 0x2B, 0x02, 0x06, 0x02, 0x05, 0x40, 0x02, 0x05,
614 0x01, 0x04, 0x08, 0x03, 0x05, 0x04, 0xFF, 0x0F, 0x29, 0x01, 0x00, 0x03,
615 0x07, 0xC0, 0xA5, 0x2A, 0x06, 0x09, 0xC0, 0x05, 0x04, 0x01, 0x7F, 0x03,
616 0x07, 0x04, 0x74, 0x9B, 0x01, 0x00, 0x8B, 0x42, 0x01, 0x88, 0x04, 0x80,
617 0x41, 0x01, 0x84, 0x80, 0x80, 0x00, 0x7C, 0x41, 0x2A, 0x06, 0x80, 0x4E,
618 0xBE, 0xA5, 0x2A, 0x06, 0x80, 0x47, 0xBE, 0x01, 0x00, 0x3A, 0x0F, 0x06,
619 0x04, 0x29, 0xB7, 0x04, 0x39, 0x01, 0x01, 0x3A, 0x0F, 0x06, 0x04, 0x29,
620 0xB5, 0x04, 0x2F, 0x01, 0x83, 0xFE, 0x01, 0x3A, 0x0F, 0x06, 0x04, 0x29,
621 0xB6, 0x04, 0x23, 0x01, 0x0D, 0x3A, 0x0F, 0x06, 0x04, 0x29, 0xBC, 0x04,
622 0x19, 0x01, 0x0A, 0x3A, 0x0F, 0x06, 0x04, 0x29, 0xBD, 0x04, 0x0F, 0x01,
623 0x10, 0x3A, 0x0F, 0x06, 0x04, 0x29, 0xAA, 0x04, 0x05, 0x29, 0xBA, 0x01,
624 0x00, 0x29, 0x04, 0xFF, 0x35, 0x9B, 0x9B, 0x02, 0x01, 0x02, 0x03, 0x13,
625 0x03, 0x01, 0x02, 0x00, 0x5B, 0x06, 0x08, 0x77, 0x2E, 0x97, 0x40, 0x01,
626 0x80, 0x56, 0xA1, 0x95, 0x2E, 0x2A, 0x02, 0x00, 0x10, 0x06, 0x03, 0x29,
627 0x02, 0x00, 0x2A, 0x01, 0x86, 0x00, 0x0B, 0x06, 0x02, 0x6B, 0x2B, 0x02,
628 0x00, 0x96, 0x2E, 0x0B, 0x06, 0x04, 0x01, 0x80, 0x46, 0xA1, 0x02, 0x01,
629 0x06, 0x10, 0x93, 0x2E, 0x02, 0x00, 0x0D, 0x06, 0x05, 0x29, 0x93, 0x2E,
630 0x04, 0x04, 0x01, 0x00, 0x03, 0x01, 0x2A, 0x93, 0x40, 0x2A, 0x94, 0x40,
631 0x2A, 0x97, 0x40, 0x01, 0x86, 0x03, 0x11, 0x03, 0x08, 0x02, 0x02, 0x06,
632 0x04, 0x01, 0x02, 0x88, 0x42, 0x88, 0x30, 0x05, 0x04, 0x01, 0x01, 0x88,
633 0x42, 0x02, 0x07, 0x05, 0x03, 0x01, 0x28, 0xA1, 0x44, 0x29, 0x01, 0x82,
634 0x01, 0x07, 0x01, 0xFC, 0x80, 0x00, 0x39, 0x80, 0x2F, 0x13, 0x2A, 0x80,
635 0x41, 0x2A, 0x01, 0x81, 0x7F, 0x13, 0x5C, 0x37, 0x47, 0x01, 0x08, 0x12,
636 0x5C, 0x01, 0x02, 0x13, 0x39, 0x01, 0x0C, 0x0C, 0x03, 0x09, 0x7C, 0x2F,
637 0x43, 0x13, 0x2A, 0x7C, 0x41, 0x05, 0x04, 0x01, 0x00, 0x03, 0x09, 0x02,
638 0x01, 0x06, 0x03, 0x01, 0x7F, 0x00, 0x8D, 0x01, 0x20, 0x34, 0x01, 0x20,
639 0x8E, 0x42, 0x79, 0x2A, 0x03, 0x05, 0x2A, 0x02, 0x04, 0x0B, 0x06, 0x80,
640 0x49, 0x2A, 0x2E, 0x2A, 0x9A, 0x2A, 0x01, 0x0C, 0x12, 0x2A, 0x01, 0x01,
641 0x0F, 0x47, 0x01, 0x02, 0x0F, 0x39, 0x06, 0x0A, 0x2A, 0x02, 0x09, 0x13,
642 0x05, 0x04, 0x63, 0x01, 0x00, 0x2A, 0x02, 0x08, 0x05, 0x0E, 0x2A, 0x01,
643 0x81, 0x70, 0x13, 0x01, 0x20, 0x0E, 0x06, 0x04, 0x63, 0x01, 0x00, 0x2A,
644 0x2A, 0x06, 0x10, 0x02, 0x05, 0x61, 0x40, 0x02, 0x05, 0x40, 0x02, 0x05,
645 0x01, 0x04, 0x08, 0x03, 0x05, 0x04, 0x01, 0x63, 0x01, 0x04, 0x08, 0x04,
646 0xFF, 0x30, 0x29, 0x02, 0x05, 0x79, 0x09, 0x01, 0x02, 0x12, 0x2A, 0x05,
647 0x03, 0x01, 0x28, 0xA1, 0x7A, 0x42, 0x8A, 0x2E, 0x01, 0x83, 0xFF, 0x7F,
648 0x0F, 0x06, 0x0D, 0x01, 0x03, 0xA2, 0x06, 0x04, 0x01, 0x80, 0x78, 0xA1,
649 0x01, 0x00, 0x8A, 0x40, 0x18, 0x05, 0x03, 0x01, 0x28, 0xA1, 0x01, 0x00,
650 0x00, 0x00, 0xB2, 0xB1, 0x00, 0x04, 0x76, 0x2E, 0xCC, 0x06, 0x16, 0xBE,
651 0x2A, 0x01, 0x84, 0x00, 0x10, 0x06, 0x02, 0x6D, 0x2B, 0x2A, 0x03, 0x00,
652 0x83, 0x47, 0xB4, 0x02, 0x00, 0x76, 0x2E, 0xA6, 0x27, 0x76, 0x2E, 0x2A,
653 0xCA, 0x47, 0xC9, 0x03, 0x01, 0x03, 0x02, 0x02, 0x01, 0x02, 0x02, 0x39,
654 0x06, 0x14, 0xC0, 0x2A, 0x03, 0x03, 0x83, 0x47, 0xB4, 0x02, 0x03, 0x76,
655 0x2E, 0xA6, 0x02, 0x02, 0x06, 0x03, 0x26, 0x04, 0x01, 0x24, 0x9B, 0x00,
656 0x00, 0xB8, 0x01, 0x10, 0x0F, 0x05, 0x02, 0x71, 0x2B, 0x00, 0x00, 0x9C,
657 0xB8, 0x01, 0x14, 0x0E, 0x06, 0x02, 0x71, 0x2B, 0x83, 0x01, 0x0C, 0x08,
658 0x01, 0x0C, 0xB4, 0x9B, 0x83, 0x2A, 0x01, 0x0C, 0x08, 0x01, 0x0C, 0x32,
659 0x05, 0x02, 0x65, 0x2B, 0x00, 0x02, 0x03, 0x00, 0x03, 0x01, 0x02, 0x00,
660 0x98, 0x02, 0x01, 0x02, 0x00, 0x3C, 0x2A, 0x01, 0x00, 0x0F, 0x06, 0x02,
661 0x63, 0x00, 0xCF, 0x04, 0x74, 0x00, 0xBE, 0x01, 0x01, 0x0E, 0x06, 0x02,
662 0x66, 0x2B, 0xC0, 0x2A, 0x2A, 0x5D, 0x47, 0x01, 0x05, 0x11, 0x39, 0x06,
663 0x02, 0x66, 0x2B, 0x01, 0x08, 0x08, 0x2A, 0x82, 0x30, 0x0B, 0x06, 0x0D,
664 0x2A, 0x01, 0x01, 0x47, 0x0C, 0x3F, 0x2A, 0x82, 0x42, 0x84, 0x42, 0x04,
665 0x01, 0x29, 0x00, 0x00, 0xBE, 0x88, 0x30, 0x01, 0x00, 0x3A, 0x0F, 0x06,
666 0x13, 0x29, 0x01, 0x01, 0x0F, 0x05, 0x02, 0x69, 0x2B, 0xC0, 0x06, 0x02,
667 0x69, 0x2B, 0x01, 0x02, 0x88, 0x42, 0x04, 0x28, 0x01, 0x02, 0x3A, 0x0F,
668 0x06, 0x1F, 0x29, 0x01, 0x0D, 0x0F, 0x05, 0x02, 0x69, 0x2B, 0xC0, 0x01,
669 0x0C, 0x0F, 0x05, 0x02, 0x69, 0x2B, 0x83, 0x01, 0x0C, 0xB4, 0x89, 0x83,
670 0x01, 0x0C, 0x32, 0x05, 0x02, 0x69, 0x2B, 0x04, 0x03, 0x69, 0x2B, 0x29,
671 0x00, 0x00, 0xBE, 0xA5, 0xBE, 0xA5, 0x2A, 0x06, 0x1D, 0xC0, 0x06, 0x03,
672 0xBA, 0x04, 0x15, 0xBE, 0x2A, 0x01, 0x81, 0x7F, 0x0D, 0x06, 0x0C, 0x2A,
673 0x8B, 0x08, 0x01, 0x00, 0x47, 0x42, 0x8B, 0x47, 0xB4, 0x04, 0x01, 0xC7,
674 0x04, 0x60, 0x9B, 0x9B, 0x00, 0x00, 0xB9, 0x2A, 0x5D, 0x06, 0x07, 0x29,
675 0x06, 0x02, 0x67, 0x2B, 0x04, 0x74, 0x00, 0x00, 0xC1, 0x01, 0x03, 0xBF,
676 0x47, 0x29, 0x47, 0x00, 0x00, 0xBE, 0xC7, 0x00, 0x03, 0x01, 0x00, 0x03,
677 0x00, 0xBE, 0xA5, 0x2A, 0x06, 0x80, 0x50, 0xC0, 0x03, 0x01, 0xC0, 0x03,
678 0x02, 0x02, 0x01, 0x01, 0x08, 0x0F, 0x06, 0x16, 0x02, 0x02, 0x01, 0x0F,
679 0x0D, 0x06, 0x0D, 0x01, 0x01, 0x02, 0x02, 0x01, 0x10, 0x08, 0x0C, 0x02,
680 0x00, 0x39, 0x03, 0x00, 0x04, 0x2A, 0x02, 0x01, 0x01, 0x02, 0x11, 0x02,
681 0x01, 0x01, 0x06, 0x0D, 0x13, 0x02, 0x02, 0x01, 0x01, 0x0F, 0x02, 0x02,
682 0x01, 0x03, 0x0F, 0x39, 0x13, 0x06, 0x11, 0x02, 0x00, 0x01, 0x01, 0x02,
683 0x02, 0x60, 0x01, 0x02, 0x0C, 0x02, 0x01, 0x08, 0x0C, 0x39, 0x03, 0x00,
684 0x04, 0xFF, 0x2C, 0x9B, 0x02, 0x00, 0x00, 0x00, 0xBE, 0xA5, 0xBB, 0x80,
685 0x41, 0x9B, 0x00, 0x00, 0xBE, 0xA5, 0xBE, 0xA5, 0x01, 0x00, 0x7C, 0x41,
686 0x2A, 0x06, 0x15, 0xBE, 0x2A, 0x01, 0x20, 0x0B, 0x06, 0x0B, 0x01, 0x01,
687 0x47, 0x0C, 0x7C, 0x2F, 0x39, 0x7C, 0x41, 0x04, 0x01, 0x29, 0x04, 0x68,
688 0x9B, 0x9B, 0x00, 0x00, 0x01, 0x02, 0x98, 0xC1, 0x01, 0x08, 0x0C, 0xC1,
689 0x08, 0x00, 0x00, 0x01, 0x03, 0x98, 0xC1, 0x01, 0x08, 0x0C, 0xC1, 0x08,
690 0x01, 0x08, 0x0C, 0xC1, 0x08, 0x00, 0x00, 0x01, 0x01, 0x98, 0xC1, 0x00,
691 0x00, 0x3D, 0x2A, 0x5B, 0x05, 0x01, 0x00, 0x29, 0xCF, 0x04, 0x76, 0x02,
692 0x03, 0x00, 0x92, 0x30, 0x03, 0x01, 0x01, 0x00, 0x2A, 0x02, 0x01, 0x0B,
693 0x06, 0x10, 0x2A, 0x01, 0x01, 0x0C, 0x91, 0x08, 0x2E, 0x02, 0x00, 0x0F,
694 0x06, 0x01, 0x00, 0x5F, 0x04, 0x6A, 0x29, 0x01, 0x7F, 0x00, 0x00, 0x2C,
695 0x19, 0x38, 0x06, 0x04, 0xCD, 0x29, 0x04, 0x78, 0x01, 0x16, 0x87, 0x42,
696 0x01, 0x00, 0xE0, 0x01, 0x00, 0xDF, 0x2C, 0x01, 0x17, 0x87, 0x42, 0x00,
697 0x00, 0x01, 0x15, 0x87, 0x42, 0x47, 0x55, 0x29, 0x55, 0x29, 0x2C, 0x00,
698 0x00, 0x01, 0x01, 0x47, 0xC4, 0x00, 0x00, 0xB9, 0x01, 0x01, 0x0F, 0x05,
699 0x02, 0x71, 0x2B, 0x2A, 0xC7, 0x29, 0x00, 0x00, 0x47, 0x3A, 0x98, 0x47,
700 0x2A, 0x06, 0x05, 0xC1, 0x29, 0x60, 0x04, 0x78, 0x29, 0x00, 0x02, 0x03,
701 0x00, 0x76, 0x2E, 0x9A, 0x03, 0x01, 0x02, 0x01, 0x01, 0x0F, 0x13, 0x02,
702 0x01, 0x01, 0x04, 0x12, 0x01, 0x0F, 0x13, 0x02, 0x01, 0x01, 0x08, 0x12,
703 0x01, 0x0F, 0x13, 0x01, 0x00, 0x3A, 0x0F, 0x06, 0x10, 0x29, 0x01, 0x00,
704 0x01, 0x18, 0x02, 0x00, 0x06, 0x03, 0x4A, 0x04, 0x01, 0x4B, 0x04, 0x80,
705 0x68, 0x01, 0x01, 0x3A, 0x0F, 0x06, 0x10, 0x29, 0x01, 0x01, 0x01, 0x10,
706 0x02, 0x00, 0x06, 0x03, 0x4A, 0x04, 0x01, 0x4B, 0x04, 0x80, 0x52, 0x01,
707 0x02, 0x3A, 0x0F, 0x06, 0x0F, 0x29, 0x01, 0x01, 0x01, 0x20, 0x02, 0x00,
708 0x06, 0x03, 0x4A, 0x04, 0x01, 0x4B, 0x04, 0x3D, 0x01, 0x03, 0x3A, 0x0F,
709 0x06, 0x0E, 0x29, 0x29, 0x01, 0x10, 0x02, 0x00, 0x06, 0x03, 0x48, 0x04,
710 0x01, 0x49, 0x04, 0x29, 0x01, 0x04, 0x3A, 0x0F, 0x06, 0x0E, 0x29, 0x29,
711 0x01, 0x20, 0x02, 0x00, 0x06, 0x03, 0x48, 0x04, 0x01, 0x49, 0x04, 0x15,
712 0x01, 0x05, 0x3A, 0x0F, 0x06, 0x0C, 0x29, 0x29, 0x02, 0x00, 0x06, 0x03,
713 0x4C, 0x04, 0x01, 0x4D, 0x04, 0x03, 0x68, 0x2B, 0x29, 0x00, 0x00, 0x9A,
714 0x01, 0x0C, 0x12, 0x01, 0x02, 0x10, 0x00, 0x00, 0x9A, 0x01, 0x0C, 0x12,
715 0x2A, 0x5E, 0x47, 0x01, 0x03, 0x0B, 0x13, 0x00, 0x00, 0x9A, 0x01, 0x0C,
716 0x12, 0x01, 0x01, 0x0F, 0x00, 0x00, 0x9A, 0x01, 0x0C, 0x12, 0x5D, 0x00,
717 0x00, 0x1B, 0x01, 0x00, 0x73, 0x30, 0x2A, 0x06, 0x22, 0x01, 0x01, 0x3A,
718 0x0F, 0x06, 0x06, 0x29, 0x01, 0x00, 0x9E, 0x04, 0x14, 0x01, 0x02, 0x3A,
719 0x0F, 0x06, 0x0D, 0x29, 0x75, 0x30, 0x01, 0x01, 0x0F, 0x06, 0x03, 0x01,
720 0x10, 0x39, 0x04, 0x01, 0x29, 0x04, 0x01, 0x29, 0x7B, 0x30, 0x05, 0x33,
721 0x31, 0x06, 0x30, 0x86, 0x30, 0x01, 0x14, 0x3A, 0x0F, 0x06, 0x06, 0x29,
722 0x01, 0x02, 0x39, 0x04, 0x22, 0x01, 0x15, 0x3A, 0x0F, 0x06, 0x09, 0x29,
723 0xA8, 0x06, 0x03, 0x01, 0x7F, 0x9E, 0x04, 0x13, 0x01, 0x16, 0x3A, 0x0F,
724 0x06, 0x06, 0x29, 0x01, 0x01, 0x39, 0x04, 0x07, 0x29, 0x01, 0x04, 0x39,
725 0x01, 0x00, 0x29, 0x19, 0x06, 0x03, 0x01, 0x08, 0x39, 0x00, 0x00, 0x1B,
726 0x2A, 0x05, 0x13, 0x31, 0x06, 0x10, 0x86, 0x30, 0x01, 0x15, 0x0F, 0x06,
727 0x08, 0x29, 0xA8, 0x01, 0x00, 0x75, 0x42, 0x04, 0x01, 0x23, 0x00, 0x00,
728 0xCD, 0x01, 0x07, 0x13, 0x01, 0x01, 0x10, 0x06, 0x02, 0x71, 0x2B, 0x00,
729 0x01, 0x03, 0x00, 0x2C, 0x19, 0x06, 0x05, 0x02, 0x00, 0x87, 0x42, 0x00,
730 0xCD, 0x29, 0x04, 0x74, 0x00, 0x01, 0x14, 0xD0, 0x01, 0x01, 0xE0, 0x2C,
731 0x2A, 0x01, 0x00, 0xC8, 0x01, 0x16, 0xD0, 0xD4, 0x2C, 0x00, 0x00, 0x01,
732 0x0B, 0xE0, 0x50, 0x2A, 0x2A, 0x01, 0x03, 0x08, 0xDF, 0xDF, 0x14, 0x2A,
733 0x5B, 0x06, 0x02, 0x29, 0x00, 0xDF, 0x1E, 0x2A, 0x06, 0x05, 0x83, 0x47,
734 0xD8, 0x04, 0x77, 0x29, 0x04, 0x6C, 0x00, 0x01, 0x00, 0xDA, 0x93, 0x2E,
735 0x01, 0x86, 0x03, 0x11, 0x06, 0x05, 0x61, 0x01, 0x00, 0xDB, 0x08, 0x4E,
736 0x08, 0x01, 0x03, 0x08, 0x01, 0x0D, 0xE0, 0xDF, 0x01, 0x00, 0xDA, 0xE0,
737 0x01, 0x01, 0xDA, 0x29, 0x93, 0x2E, 0x01, 0x86, 0x03, 0x11, 0x06, 0x08,
738 0x01, 0x00, 0xDB, 0xDE, 0x01, 0x01, 0xDB, 0x29, 0x4E, 0xDE, 0x16, 0x15,
739 0x2A, 0x5B, 0x06, 0x02, 0x29, 0x00, 0xDE, 0x1F, 0x2A, 0x06, 0x05, 0x83,
740 0x47, 0xD8, 0x04, 0x77, 0x29, 0x04, 0x6C, 0x00, 0x9C, 0x01, 0x14, 0xE0,
741 0x01, 0x0C, 0xDF, 0x83, 0x01, 0x0C, 0xD8, 0x00, 0x04, 0x03, 0x00, 0x01,
742 0x02, 0xE0, 0x01, 0x80, 0x46, 0x88, 0x30, 0x01, 0x02, 0x0F, 0x06, 0x0C,
743 0x02, 0x00, 0x06, 0x04, 0x01, 0x05, 0x04, 0x02, 0x01, 0x1D, 0x04, 0x02,
744 0x01, 0x00, 0x03, 0x01, 0x84, 0x30, 0x06, 0x04, 0x01, 0x05, 0x04, 0x02,
745 0x01, 0x00, 0x03, 0x02, 0x8A, 0x2E, 0x2A, 0x06, 0x05, 0x60, 0x21, 0x01,
746 0x07, 0x08, 0x03, 0x03, 0x02, 0x01, 0x02, 0x02, 0x08, 0x02, 0x03, 0x08,
747 0x2A, 0x06, 0x03, 0x01, 0x02, 0x08, 0x08, 0xDF, 0x93, 0x2E, 0xDE, 0x8C,
748 0x01, 0x04, 0x17, 0x8C, 0x01, 0x04, 0x08, 0x01, 0x1C, 0x34, 0x8C, 0x01,
749 0x20, 0xD8, 0x01, 0x20, 0xE0, 0x8D, 0x01, 0x20, 0xD8, 0x76, 0x2E, 0xDE,
750 0x01, 0x00, 0xE0, 0x02, 0x01, 0x02, 0x02, 0x08, 0x02, 0x03, 0x08, 0x2A,
751 0x06, 0x80, 0x40, 0xDE, 0x02, 0x01, 0x2A, 0x06, 0x10, 0x01, 0x83, 0xFE,
752 0x01, 0xDE, 0x01, 0x04, 0x09, 0x2A, 0xDE, 0x60, 0x89, 0x47, 0xD9, 0x04,
753 0x01, 0x29, 0x02, 0x02, 0x06, 0x0C, 0x01, 0x01, 0xDE, 0x01, 0x01, 0xDE,
754 0x84, 0x30, 0x01, 0x08, 0x09, 0xE0, 0x02, 0x03, 0x2A, 0x06, 0x11, 0x01,
755 0x10, 0xDE, 0x01, 0x04, 0x09, 0x2A, 0xDE, 0x62, 0x2A, 0xDE, 0x60, 0x83,
756 0x47, 0xD9, 0x04, 0x01, 0x29, 0x04, 0x01, 0x29, 0x00, 0x00, 0x01, 0x0E,
757 0xE0, 0x01, 0x00, 0xDF, 0x00, 0x03, 0x76, 0x2E, 0xCA, 0x05, 0x01, 0x00,
758 0x7C, 0x2F, 0x2A, 0x01, 0x82, 0x80, 0x80, 0x80, 0x00, 0x13, 0x06, 0x05,
759 0x29, 0x01, 0x1D, 0x04, 0x0E, 0x2A, 0x01, 0x83, 0xC0, 0x80, 0x80, 0x00,
760 0x13, 0x2A, 0x06, 0x01, 0x47, 0x29, 0xA3, 0x03, 0x00, 0x02, 0x00, 0x25,
761 0x2A, 0x5B, 0x06, 0x02, 0x37, 0x2B, 0x03, 0x01, 0x93, 0x2E, 0x01, 0x86,
762 0x03, 0x11, 0x03, 0x02, 0x01, 0x0C, 0xE0, 0x02, 0x01, 0x7E, 0x30, 0x08,
763 0x02, 0x02, 0x01, 0x02, 0x13, 0x08, 0x01, 0x06, 0x08, 0xDF, 0x01, 0x03,
764 0xE0, 0x02, 0x00, 0xDE, 0x7D, 0x7E, 0x30, 0xD9, 0x02, 0x02, 0x06, 0x1C,
765 0x90, 0x2E, 0x2A, 0x01, 0x83, 0xFE, 0x00, 0x0B, 0x06, 0x03, 0xDE, 0x04,
766 0x0F, 0x01, 0x81, 0x7F, 0x13, 0xE0, 0x76, 0x2E, 0xCB, 0x01, 0x01, 0x0C,
767 0x01, 0x03, 0x08, 0xE0, 0x02, 0x01, 0xDE, 0x83, 0x02, 0x01, 0xD8, 0x00,
768 0x00, 0x54, 0x2A, 0x01, 0x00, 0x0F, 0x06, 0x02, 0x63, 0x00, 0xCD, 0x29,
769 0x04, 0x73, 0x00, 0x2A, 0xE0, 0xD8, 0x00, 0x00, 0x01, 0x00, 0x76, 0x2E,
770 0xC9, 0x06, 0x0C, 0x61, 0x3A, 0x06, 0x08, 0x01, 0x80, 0x41, 0xE0, 0x01,
771 0x80, 0x42, 0xE0, 0x46, 0x06, 0x07, 0x5F, 0x3A, 0x06, 0x03, 0x01, 0x01,
772 0xE0, 0x45, 0x06, 0x08, 0x5F, 0x3A, 0x06, 0x04, 0x01, 0x80, 0x40, 0xE0,
773 0x47, 0x29, 0x00, 0x01, 0x01, 0x00, 0x03, 0x00, 0x46, 0x45, 0x39, 0x05,
774 0x14, 0x01, 0x01, 0x01, 0x80, 0x7C, 0xDC, 0x03, 0x00, 0x01, 0x03, 0x01,
775 0x80, 0x7C, 0xDC, 0x02, 0x00, 0x08, 0x47, 0x29, 0x00, 0x46, 0x06, 0x07,
776 0x01, 0x01, 0x44, 0x29, 0xDC, 0x03, 0x00, 0x45, 0x06, 0x0A, 0x01, 0x03,
777 0x44, 0x29, 0xDC, 0x02, 0x00, 0x08, 0x03, 0x00, 0x29, 0x02, 0x00, 0x00,
778 0x00, 0x01, 0x00, 0x01, 0x04, 0xDD, 0x01, 0x05, 0xDD, 0x01, 0x06, 0xDD,
779 0x01, 0x03, 0xDD, 0x01, 0x02, 0xDD, 0x0A, 0x63, 0x00, 0x01, 0x03, 0x00,
780 0x3A, 0x01, 0x01, 0x02, 0x00, 0x0C, 0x13, 0x05, 0x01, 0x00, 0x61, 0x01,
781 0x03, 0x3B, 0x06, 0x07, 0x02, 0x00, 0xE0, 0x01, 0x02, 0x3B, 0xE0, 0x00,
782 0x00, 0x2A, 0x01, 0x08, 0x52, 0xE0, 0xE0, 0x00, 0x00, 0x2A, 0x01, 0x10,
783 0x52, 0xE0, 0xDE, 0x00, 0x00, 0x2A, 0x55, 0x06, 0x02, 0x29, 0x00, 0xCD,
787 static const uint16_t t0_caddr
[] = {
924 #define T0_INTERPRETED 91
926 #define T0_ENTER(ip, rp, slot) do { \
927 const unsigned char *t0_newip; \
929 t0_newip = &t0_codeblock[t0_caddr[(slot) - T0_INTERPRETED]]; \
930 t0_lnum = t0_parse7E_unsigned(&t0_newip); \
932 *((rp) ++) = (uint32_t)((ip) - &t0_codeblock[0]) + (t0_lnum << 16); \
936 #define T0_DEFENTRY(name, slot) \
940 t0_context *t0ctx = ctx; \
941 t0ctx->ip = &t0_codeblock[0]; \
942 T0_ENTER(t0ctx->ip, t0ctx->rp, slot); \
945 T0_DEFENTRY(br_ssl_hs_server_init_main
, 164)
947 #define T0_NEXT(t0ipp) (*(*(t0ipp)) ++)
950 br_ssl_hs_server_run(void *t0ctx
)
953 const unsigned char *ip
;
955 #define T0_LOCAL(x) (*(rp - 2 - (x)))
956 #define T0_POP() (*-- dp)
957 #define T0_POPi() (*(int32_t *)(-- dp))
958 #define T0_PEEK(x) (*(dp - 1 - (x)))
959 #define T0_PEEKi(x) (*(int32_t *)(dp - 1 - (x)))
960 #define T0_PUSH(v) do { *dp = (v); dp ++; } while (0)
961 #define T0_PUSHi(v) do { *(int32_t *)dp = (v); dp ++; } while (0)
962 #define T0_RPOP() (*-- rp)
963 #define T0_RPOPi() (*(int32_t *)(-- rp))
964 #define T0_RPUSH(v) do { *rp = (v); rp ++; } while (0)
965 #define T0_RPUSHi(v) do { *(int32_t *)rp = (v); rp ++; } while (0)
966 #define T0_ROLL(x) do { \
967 size_t t0len = (size_t)(x); \
968 uint32_t t0tmp = *(dp - 1 - t0len); \
969 memmove(dp - t0len - 1, dp - t0len, t0len * sizeof *dp); \
972 #define T0_SWAP() do { \
973 uint32_t t0tmp = *(dp - 2); \
974 *(dp - 2) = *(dp - 1); \
977 #define T0_ROT() do { \
978 uint32_t t0tmp = *(dp - 3); \
979 *(dp - 3) = *(dp - 2); \
980 *(dp - 2) = *(dp - 1); \
983 #define T0_NROT() do { \
984 uint32_t t0tmp = *(dp - 1); \
985 *(dp - 1) = *(dp - 2); \
986 *(dp - 2) = *(dp - 3); \
989 #define T0_PICK(x) do { \
990 uint32_t t0depth = (x); \
991 T0_PUSH(T0_PEEK(t0depth)); \
993 #define T0_CO() do { \
996 #define T0_RET() goto t0_next
998 dp
= ((t0_context
*)t0ctx
)->dp
;
999 rp
= ((t0_context
*)t0ctx
)->rp
;
1000 ip
= ((t0_context
*)t0ctx
)->ip
;
1007 if (t0x
< T0_INTERPRETED
) {
1019 ip
= &t0_codeblock
[t0x
];
1021 case 1: /* literal constant */
1022 T0_PUSHi(t0_parse7E_signed(&ip
));
1024 case 2: /* read local */
1025 T0_PUSH(T0_LOCAL(t0_parse7E_unsigned(&ip
)));
1027 case 3: /* write local */
1028 T0_LOCAL(t0_parse7E_unsigned(&ip
)) = T0_POP();
1031 t0off
= t0_parse7E_signed(&ip
);
1034 case 5: /* jump if */
1035 t0off
= t0_parse7E_signed(&ip
);
1040 case 6: /* jump if not */
1041 t0off
= t0_parse7E_signed(&ip
);
1049 uint32_t b
= T0_POP();
1050 uint32_t a
= T0_POP();
1058 uint32_t b
= T0_POP();
1059 uint32_t a
= T0_POP();
1067 uint32_t b
= T0_POP();
1068 uint32_t a
= T0_POP();
1081 int32_t b
= T0_POPi();
1082 int32_t a
= T0_POPi();
1083 T0_PUSH(-(uint32_t)(a
< b
));
1090 int c
= (int)T0_POPi();
1091 uint32_t x
= T0_POP();
1099 int32_t b
= T0_POPi();
1100 int32_t a
= T0_POPi();
1101 T0_PUSH(-(uint32_t)(a
<= b
));
1108 uint32_t b
= T0_POP();
1109 uint32_t a
= T0_POP();
1110 T0_PUSH(-(uint32_t)(a
!= b
));
1117 uint32_t b
= T0_POP();
1118 uint32_t a
= T0_POP();
1119 T0_PUSH(-(uint32_t)(a
== b
));
1126 int32_t b
= T0_POPi();
1127 int32_t a
= T0_POPi();
1128 T0_PUSH(-(uint32_t)(a
> b
));
1135 int32_t b
= T0_POPi();
1136 int32_t a
= T0_POPi();
1137 T0_PUSH(-(uint32_t)(a
>= b
));
1144 int c
= (int)T0_POPi();
1145 int32_t x
= T0_POPi();
1153 uint32_t b
= T0_POP();
1154 uint32_t a
= T0_POP();
1162 if (ENG
->chain_len
== 0) {
1165 ENG
->cert_cur
= ENG
->chain
->data
;
1166 ENG
->cert_len
= ENG
->chain
->data_len
;
1169 T0_PUSH(ENG
->cert_len
);
1177 const br_x500_name
*dn
;
1178 if (CTX
->cur_dn_index
>= CTX
->num_tas
) {
1181 if (CTX
->ta_names
== NULL
) {
1182 dn
= &CTX
->tas
[CTX
->cur_dn_index
].dn
;
1184 dn
= &CTX
->ta_names
[CTX
->cur_dn_index
];
1186 CTX
->cur_dn_index
++;
1187 CTX
->cur_dn
= dn
->data
;
1188 CTX
->cur_dn_len
= dn
->len
;
1189 T0_PUSH(CTX
->cur_dn_len
);
1195 /* begin-ta-name-list */
1197 CTX
->cur_dn_index
= 0;
1204 size_t len
= (size_t)T0_POP();
1205 void *addr
= (unsigned char *)ENG
+ (size_t)T0_POP();
1206 memset(addr
, 0, len
);
1211 /* call-policy-handler */
1214 br_ssl_server_choices choices
;
1216 x
= (*CTX
->policy_vtable
)->choose(
1217 CTX
->policy_vtable
, CTX
, &choices
);
1218 ENG
->session
.cipher_suite
= choices
.cipher_suite
;
1219 CTX
->sign_hash_id
= choices
.algo_id
;
1220 ENG
->chain
= choices
.chain
;
1221 ENG
->chain_len
= choices
.chain_len
;
1222 T0_PUSHi(-(x
!= 0));
1229 T0_PUSHi(-(ENG
->hlen_out
> 0));
1236 if (ENG
->session
.session_id_len
== 32
1237 && CTX
->cache_vtable
!= NULL
&& (*CTX
->cache_vtable
)->load(
1238 CTX
->cache_vtable
, CTX
, &ENG
->session
))
1253 /* compute-Finished-inner */
1255 int prf_id
= T0_POP();
1256 int from_client
= T0_POPi();
1257 unsigned char tmp
[48];
1258 br_tls_prf_seed_chunk seed
;
1260 br_tls_prf_impl prf
= br_ssl_engine_get_PRF(ENG
, prf_id
);
1262 if (ENG
->session
.version
>= BR_TLS12
) {
1263 seed
.len
= br_multihash_out(&ENG
->mhash
, prf_id
, tmp
);
1265 br_multihash_out(&ENG
->mhash
, br_md5_ID
, tmp
);
1266 br_multihash_out(&ENG
->mhash
, br_sha1_ID
, tmp
+ 16);
1269 prf(ENG
->pad
, 12, ENG
->session
.master_secret
,
1270 sizeof ENG
->session
.master_secret
,
1271 from_client
? "client finished" : "server finished",
1277 /* compute-hash-CV */
1281 for (i
= 1; i
<= 6; i
++) {
1282 br_multihash_out(&ENG
->mhash
, i
,
1283 ENG
->pad
+ HASH_PAD_OFF
[i
- 1]);
1289 /* copy-cert-chunk */
1293 clen
= ENG
->cert_len
;
1294 if (clen
> sizeof ENG
->pad
) {
1295 clen
= sizeof ENG
->pad
;
1297 memcpy(ENG
->pad
, ENG
->cert_cur
, clen
);
1298 ENG
->cert_cur
+= clen
;
1299 ENG
->cert_len
-= clen
;
1309 clen
= CTX
->cur_dn_len
;
1310 if (clen
> sizeof ENG
->pad
) {
1311 clen
= sizeof ENG
->pad
;
1313 memcpy(ENG
->pad
, CTX
->cur_dn
, clen
);
1314 CTX
->cur_dn
+= clen
;
1315 CTX
->cur_dn_len
-= clen
;
1330 if (br_multihash_getimpl(&ENG
->mhash
, id
) == 0) {
1334 off
= HASH_PAD_OFF
[id
- 1];
1335 len
= HASH_PAD_OFF
[id
] - off
;
1337 memcpy(CTX
->hash_CV
, ENG
->pad
+ off
, len
);
1338 CTX
->hash_CV_len
= len
;
1339 CTX
->hash_CV_id
= id
;
1345 /* copy-protocol-name */
1347 size_t idx
= T0_POP();
1348 size_t len
= strlen(ENG
->protocol_names
[idx
]);
1349 memcpy(ENG
->pad
, ENG
->protocol_names
[idx
], len
);
1357 size_t addr
= T0_POP();
1358 T0_PUSH(t0_datablock
[addr
]);
1372 int prf_id
= T0_POPi();
1373 size_t len
= T0_POP();
1374 do_ecdh(CTX
, prf_id
, ENG
->pad
, len
);
1379 /* do-ecdhe-part1 */
1381 int curve
= T0_POPi();
1382 T0_PUSHi(do_ecdhe_part1(CTX
, curve
));
1387 /* do-ecdhe-part2 */
1389 int prf_id
= T0_POPi();
1390 size_t len
= T0_POP();
1391 do_ecdhe_part2(CTX
, prf_id
, ENG
->pad
, len
);
1396 /* do-rsa-decrypt */
1398 int prf_id
= T0_POPi();
1399 size_t len
= T0_POP();
1400 do_rsa_decrypt(CTX
, prf_id
, ENG
->pad
, len
);
1405 /* do-static-ecdh */
1407 do_static_ecdh(CTX
, T0_POP());
1418 T0_PUSH(T0_PEEK(0));
1424 br_ssl_engine_fail(ENG
, (int)T0_POPi());
1432 br_ssl_engine_flush_record(ENG
);
1437 /* get-key-type-usages */
1439 const br_x509_class
*xc
;
1440 const br_x509_pkey
*pk
;
1443 xc
= *(ENG
->x509ctx
);
1444 pk
= xc
->get_pkey(ENG
->x509ctx
, &usages
);
1448 T0_PUSH(pk
->key_type
| usages
);
1456 size_t addr
= (size_t)T0_POP();
1457 T0_PUSH(*(uint16_t *)(void *)((unsigned char *)ENG
+ addr
));
1464 size_t addr
= (size_t)T0_POP();
1465 T0_PUSH(*(uint32_t *)(void *)((unsigned char *)ENG
+ addr
));
1472 size_t addr
= (size_t)T0_POP();
1473 T0_PUSH(*((unsigned char *)ENG
+ addr
));
1480 T0_PUSHi(-(ENG
->hlen_in
!= 0));
1487 size_t len
= (size_t)T0_POP();
1488 void *addr2
= (unsigned char *)ENG
+ (size_t)T0_POP();
1489 void *addr1
= (unsigned char *)ENG
+ (size_t)T0_POP();
1490 int x
= memcmp(addr1
, addr2
, len
);
1491 T0_PUSH((uint32_t)-(x
== 0));
1498 size_t len
= (size_t)T0_POP();
1499 void *src
= (unsigned char *)ENG
+ (size_t)T0_POP();
1500 void *dst
= (unsigned char *)ENG
+ (size_t)T0_POP();
1501 memcpy(dst
, src
, len
);
1508 size_t len
= (size_t)T0_POP();
1509 void *addr
= (unsigned char *)ENG
+ (size_t)T0_POP();
1510 br_hmac_drbg_generate(&ENG
->rng
, addr
, len
);
1515 /* more-incoming-bytes? */
1517 T0_PUSHi(ENG
->hlen_in
!= 0 || !br_ssl_engine_recvrec_finished(ENG
));
1522 /* multihash-init */
1524 br_multihash_init(&ENG
->mhash
);
1531 uint32_t a
= T0_POP();
1539 uint32_t a
= T0_POP();
1547 uint32_t b
= T0_POP();
1548 uint32_t a
= T0_POP();
1555 T0_PUSH(T0_PEEK(1));
1564 /* read-chunk-native */
1566 size_t clen
= ENG
->hlen_in
;
1572 if ((size_t)len
< clen
) {
1575 memcpy((unsigned char *)ENG
+ addr
, ENG
->hbuf_in
, clen
);
1576 if (ENG
->record_type_in
== BR_SSL_HANDSHAKE
) {
1577 br_multihash_update(&ENG
->mhash
, ENG
->hbuf_in
, clen
);
1579 T0_PUSH(addr
+ (uint32_t)clen
);
1580 T0_PUSH(len
- (uint32_t)clen
);
1581 ENG
->hbuf_in
+= clen
;
1582 ENG
->hlen_in
-= clen
;
1590 if (ENG
->hlen_in
> 0) {
1593 x
= *ENG
->hbuf_in
++;
1594 if (ENG
->record_type_in
== BR_SSL_HANDSHAKE
) {
1595 br_multihash_update(&ENG
->mhash
, &x
, 1);
1608 if (CTX
->cache_vtable
!= NULL
) {
1609 (*CTX
->cache_vtable
)->save(
1610 CTX
->cache_vtable
, CTX
, &ENG
->session
);
1616 /* set-max-frag-len */
1618 size_t max_frag_len
= T0_POP();
1620 br_ssl_engine_new_max_frag_len(ENG
, max_frag_len
);
1623 * We must adjust our own output limit. Since we call this only
1624 * after receiving a ClientHello and before beginning to send
1625 * the ServerHello, the next output record should be empty at
1626 * that point, so we can use max_frag_len as a limit.
1628 if (ENG
->hlen_out
> max_frag_len
) {
1629 ENG
->hlen_out
= max_frag_len
;
1637 size_t addr
= (size_t)T0_POP();
1638 *(uint16_t *)(void *)((unsigned char *)ENG
+ addr
) = (uint16_t)T0_POP();
1645 size_t addr
= (size_t)T0_POP();
1646 *(uint32_t *)(void *)((unsigned char *)ENG
+ addr
) = (uint32_t)T0_POP();
1653 size_t addr
= (size_t)T0_POP();
1654 *((unsigned char *)ENG
+ addr
) = (unsigned char)T0_POP();
1659 /* supported-curves */
1661 uint32_t x
= ENG
->iec
== NULL
? 0 : ENG
->iec
->supported_curves
;
1667 /* supported-hash-functions */
1674 for (i
= br_sha1_ID
; i
<= br_sha512_ID
; i
++) {
1675 if (br_multihash_getimpl(&ENG
->mhash
, i
)) {
1686 /* supports-ecdsa? */
1688 T0_PUSHi(-(ENG
->iecdsa
!= 0));
1693 /* supports-rsa-sign? */
1695 T0_PUSHi(-(ENG
->irsavrfy
!= 0));
1705 /* switch-aesgcm-in */
1707 int is_client
, prf_id
;
1708 unsigned cipher_key_len
;
1710 cipher_key_len
= T0_POP();
1712 is_client
= T0_POP();
1713 br_ssl_engine_switch_gcm_in(ENG
, is_client
, prf_id
,
1714 ENG
->iaes_ctr
, cipher_key_len
);
1719 /* switch-aesgcm-out */
1721 int is_client
, prf_id
;
1722 unsigned cipher_key_len
;
1724 cipher_key_len
= T0_POP();
1726 is_client
= T0_POP();
1727 br_ssl_engine_switch_gcm_out(ENG
, is_client
, prf_id
,
1728 ENG
->iaes_ctr
, cipher_key_len
);
1735 int is_client
, prf_id
, mac_id
, aes
;
1736 unsigned cipher_key_len
;
1738 cipher_key_len
= T0_POP();
1742 is_client
= T0_POP();
1743 br_ssl_engine_switch_cbc_in(ENG
, is_client
, prf_id
, mac_id
,
1744 aes
? ENG
->iaes_cbcdec
: ENG
->ides_cbcdec
, cipher_key_len
);
1749 /* switch-cbc-out */
1751 int is_client
, prf_id
, mac_id
, aes
;
1752 unsigned cipher_key_len
;
1754 cipher_key_len
= T0_POP();
1758 is_client
= T0_POP();
1759 br_ssl_engine_switch_cbc_out(ENG
, is_client
, prf_id
, mac_id
,
1760 aes
? ENG
->iaes_cbcenc
: ENG
->ides_cbcenc
, cipher_key_len
);
1765 /* switch-chapol-in */
1767 int is_client
, prf_id
;
1770 is_client
= T0_POP();
1771 br_ssl_engine_switch_chapol_in(ENG
, is_client
, prf_id
);
1776 /* switch-chapol-out */
1778 int is_client
, prf_id
;
1781 is_client
= T0_POP();
1782 br_ssl_engine_switch_chapol_out(ENG
, is_client
, prf_id
);
1787 /* ta-names-total-length */
1792 if (CTX
->ta_names
!= NULL
) {
1793 for (u
= 0; u
< CTX
->num_tas
; u
++) {
1794 len
+= CTX
->ta_names
[u
].len
+ 2;
1796 } else if (CTX
->tas
!= NULL
) {
1797 for (u
= 0; u
< CTX
->num_tas
; u
++) {
1798 len
+= CTX
->tas
[u
].dn
.len
+ 2;
1806 /* test-protocol-name */
1808 size_t len
= T0_POP();
1811 for (u
= 0; u
< ENG
->protocol_names_num
; u
++) {
1814 name
= ENG
->protocol_names
[u
];
1815 if (len
== strlen(name
) && memcmp(ENG
->pad
, name
, len
) == 0) {
1825 /* total-chain-length */
1831 for (u
= 0; u
< ENG
->chain_len
; u
++) {
1832 total
+= 3 + (uint32_t)ENG
->chain
[u
].data_len
;
1841 uint32_t b
= T0_POP();
1842 uint32_t a
= T0_POP();
1843 T0_PUSH(-(uint32_t)(a
< b
));
1850 int c
= (int)T0_POPi();
1851 uint32_t x
= T0_POP();
1861 err
= verify_CV_sig(CTX
, T0_POP());
1867 /* write-blob-chunk */
1869 size_t clen
= ENG
->hlen_out
;
1875 if ((size_t)len
< clen
) {
1878 memcpy(ENG
->hbuf_out
, (unsigned char *)ENG
+ addr
, clen
);
1879 if (ENG
->record_type_out
== BR_SSL_HANDSHAKE
) {
1880 br_multihash_update(&ENG
->mhash
, ENG
->hbuf_out
, clen
);
1882 T0_PUSH(addr
+ (uint32_t)clen
);
1883 T0_PUSH(len
- (uint32_t)clen
);
1884 ENG
->hbuf_out
+= clen
;
1885 ENG
->hlen_out
-= clen
;
1895 x
= (unsigned char)T0_POP();
1896 if (ENG
->hlen_out
> 0) {
1897 if (ENG
->record_type_out
== BR_SSL_HANDSHAKE
) {
1898 br_multihash_update(&ENG
->mhash
, &x
, 1);
1900 *ENG
->hbuf_out
++ = x
;
1912 const br_x509_class
*xc
;
1915 xc
= *(ENG
->x509ctx
);
1917 xc
->append(ENG
->x509ctx
, ENG
->pad
, len
);
1924 const br_x509_class
*xc
;
1926 xc
= *(ENG
->x509ctx
);
1927 xc
->end_cert(ENG
->x509ctx
);
1932 /* x509-end-chain */
1934 const br_x509_class
*xc
;
1936 xc
= *(ENG
->x509ctx
);
1937 T0_PUSH(xc
->end_chain(ENG
->x509ctx
));
1942 /* x509-start-cert */
1944 const br_x509_class
*xc
;
1946 xc
= *(ENG
->x509ctx
);
1947 xc
->start_cert(ENG
->x509ctx
, T0_POP());
1952 /* x509-start-chain */
1954 const br_x509_class
*xc
;
1958 xc
= *(ENG
->x509ctx
);
1959 xc
->start_chain(ENG
->x509ctx
, bc
? ENG
->server_name
: NULL
);
1966 T0_ENTER(ip
, rp
, t0x
);
1970 ((t0_context
*)t0ctx
)->dp
= dp
;
1971 ((t0_context
*)t0ctx
)->rp
= rp
;
1972 ((t0_context
*)t0ctx
)->ip
= ip
;